CVE-2022-27448 — Reachable Assertion in Mariadb

CWE-617 — Reachable Assertion9 documents9 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 61.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mariadb Debian Linux

Timeline

PublishedApr 14

Latest updateJan 27

Description

There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDmariadb/mariadb10.3.0 — 10.3.35+4

Also affects: Debian Linux 10.0

Patches

Patch: jira.mariadb.org ↗Patch: jira.mariadb.org ↗

🔴Vulnerability Details

GHSA

GHSA-48pm-mhwh-g6mr: There is an Assertion failure in MariaDB Server v10↗2022-04-15

▶

CVEList

CVE-2022-27448: There is an Assertion failure in MariaDB Server v10↗2022-04-14

▶

OSV

CVE-2022-27448: There is an Assertion failure in MariaDB Server v10↗2022-04-14

▶

📋Vendor Advisories

CISA ICS

Festo Didactic SE MES PC↗2026-01-27

▶

Ubuntu

MariaDB vulnerabilities↗2022-11-23

▶

Microsoft

There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.↗2022-04-12

▶

Red Hat

mariadb: crash in multi-update and implicit grouping↗2022-03-16

▶

Debian

CVE-2022-27448: mariadb-10.5 - There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur-...↗2022

▶